Several suspicious emails are being reported from end users.
Organizational email is hosted by a SaaS provider.
Upon investigation, the URL in the email links to a phishing site where users are prompted to enter their domain credentials to reset their passwords.
Which of the following should the cloud administrator do to protect against potential account compromise?
The correct answer to this question is D. Notify users who received the email to reset their passwords regardless of whether they click on the URL.
Explanation: In this scenario, suspicious emails are being reported, and investigation shows that the URL in the email links to a phishing site. The phishing site prompts users to enter their domain credentials to reset their passwords, which is a classic social engineering tactic used to steal user account credentials.
Given the situation, it's critical to take immediate action to protect the organization from potential account compromise. Option A, forwarding the email to the systems team distribution list and providing the compromised user list, may be a good practice for reporting suspicious emails in general, but in this case it does not provide any immediate protection for users.
Option B, clicking on the URL link to verify the website and entering false domain credentials, is a risky and unprofessional action. It may expose the cloud administrator's own account to compromise, and it does not provide any protection for other users who may have already entered their actual credentials.
Option C, changing the encryption key for the entire organization and locking out all users from using email until the issue is remediated, is an extreme measure that can disrupt the entire organization's workflow. It is not necessary in this case, and it may cause unnecessary panic among users.
Option D, notifying users who received the email to reset their passwords regardless of whether they click on the URL, is the best course of action. This will alert users to the potential danger and prompt them to take immediate action to protect their accounts. Even if users did not click on the URL, they should still reset their passwords to prevent any potential password reuse or other forms of credential abuse.
In summary, the cloud administrator should choose Option D to notify users to reset their passwords as soon as possible, and also remind them to stay vigilant and report any suspicious emails to the IT team.